What is PCI DSS?
PCI DSS is a set of 12 mandatory rules designed to protect data that is processed, transmitted and stored during manual or electronic payment transactions. It was set up in 2004 by VISA and MasterCard and is now regulated by the Payment Card Industry Security Standards Council (PCI SSC).
If you work for a company or contact centre who takes card payments from customers over the phone, you are responsible for keeping that data as safe and secure as possible – not just to protect your customers but to protect your business as well.
Enter the Payment Card Industry Data Security Standard (or PCI DSS as we affectionately know it), a set of 12 binding requirements that are designed to ensure complete data protection for merchants who take card payments from the major card schemes, such as VISA, MasterCard, AMEX, Discover and JCB.
Whether you’ve been referred to us by your bank or you’re in charge of compliance for your contact centre, this is where you’ll find everything you need to know about PCI DSS, including how it works, who it affects, and why it’s so important.
Who Does PCI DSS Affect?
Any organisation that stores, processes or transmits cardholder data from the major card schemes must comply with PCI DSS requirements.
How Does PCI DSS Work?
The PCI compliance standards work to protect against card fraud by ensuring every business that handles cardholder information does so in a way that keeps customer data secure and protected.
If a contact centre wants to handle card payments from any of the major schemes they must comply with the following 12 requirements:
- Install and maintain a secure firewall
- Use unique passwords (rather than defaults)
- Encrypt stored data
- Encrypt data during transmission
- Keep anti-virus software current and updated
- Regularly check systems and applications are secure
- Ensure access is restricted to only those who need it
- Make sure those with access have a unique user ID
- Ensure physical access to data is restricted and controlled
- Make sure access to network and data is tracked and monitored
- Regularly test security systems and incident response plans
- Have a clear information security policy
Adhering to each of these requirements will ensure PCI DSS compliance for your contact centre, but remember:
PCI compliance doesn’t automatically reduce risk or make you more secure.
Why is PCI Compliance Important?
The PCI DSS requirements are designed to combat card fraud by keeping cardholder data safe from hackers and other security breaches, but it’s not just your customers’ safety that is protected.
By ensuring your contact centre is PCI DSS compliant, you are also protecting your business – both financially and legally. A single data breach is now estimated to cost a company $3m on average, while the loss of connectivity caused by a breach or DDoS attack can prevent businesses operating for long periods of time.
Not only can this negatively affect or even ruin a company’s reputation, it also damages confidence in the industry as a whole.
While PCI DSS compliance is not a legal requirement, it does ensure compliance with the Data Protection Act – protecting you legally should the worst happen.
What are the Risks and Penalties of Non-Compliance?
As mentioned above, PCI DSS compliance is not a legal requirement, but it is mandatory if your contact centre wants to process transactions with the major card schemes.
If a system is compromised and the company is found not to be PCI DSS compliant, the business could face severe penalties, such as brand damage, lawsuits and legal costs, share price drop, job losses, insurance claims, regulator fines, higher banking fees, and potentially, the loss of ability to accept card payments.
These, coupled with the fraud losses, the cost of replacing cards, loss of customer confidence, and the ensuing decrease in sales can all lead to a company suffering huge financial losses or even going out of business entirely.
Rather worryingly, 9 out of 10 large organisations suffered a security breach last year; can you afford to be one of them?
Speak to our expert data security consultants today to find out more about PCI Pal’s innovative secure payment cloud solutions.